The head of the German data protection authority has asked Facebook to disable its facial recognition feature over concerns that it violates European Union privacy laws.

The head of the German data protection authority has asked Facebook to disable its facial recognition feature over concerns that it violates European Union privacy laws.

Johannes Caspar, head of the Hamburg Data Protection Authority, sent Facebook a letter, in which he argued that facial recognition amounts to unauthorized data collection on individuals. Caspar sent the letter on Wednesday, and has given Facebook two weeks to respond.

The European Union's advisory board--the Article 29 Working Party--is also looking into Facebook's facial recognition and whether it's a violation of EU law. Investigations at the member-state level are underway in Ireland, the United Kingdom, and, now, Germany.

If the social networking site is found guilty of breaching consumer privacy, German laws allow Facebook to be fined up to 300,000 euros ($429,000). Regulators would also be able to force Facebook to disable facial recognition within the country.

Facebook has defended itself by denying that it's doing anything wrong--though the company did say it would take Caspar's concerns into consideration. "We will consider the points the Hamburg Data Protection Authority have made about the 'photo tag suggest' feature, but firmly reject any claim that we are not meeting our obligations under European Union data protection law," a company spokesperson said.

It's not clear if Germany's move will affect the United States. While no official investigation into Facebook's facial recognition feature currently exists in the United States, the Electronic Privacy Information Center (EPIC) has filed a complaint with the FTC.

EPIC's effort has received support from Rep. Ed Markey (D-Mass.), who chairs the bi-partisan privacy caucus. "When it comes to users' privacy, Facebook's policy should be: 'Ask for permission, don't assume it," Rep. Markey has said.